DigiCert partnership enhances SSL security on Wikimedia sites

The Wikimedia Foundation today announced a partnership with DigiCert, Inc. based in Linden, Utah, to secure its web and mobile properties, using the company’s Enterprise SSL Managed PKI. The agreement supports online authentication and encryption on Wikimedia’s web and mobile properties, while enabling Foundation staff to streamline digital certificate management.

“The Wikimedia Foundation is grateful for this partnership with DigiCert, which will enhance our ability to secure the millions of online exchanges that occur with our websites each day,” said CT Woo, Director of Technical Operations for the Wikimedia Foundation. “It’s important for Wikimedia to identify like-minded partners that value transparency and the privacy of our users.”

DigiCert is an online security provider for many of the most recognized companies and web sites in the world, including four of the top 10 comScore-ranked sites. With 489 million unique visitors to the 285 language Wikipedias and sister sites each month, the Wikimedia Foundation seeks partners who share its mission to ensure transparency and privacy for its users.

DigiCert has seen consistent growth over time and is currently the world’s third-largest provider of enterprise authentication services and digital certificates, with numerous government, educational and business clients around the world.

“DigiCert is pleased to partner with the Wikimedia Foundation in recognizing the importance of the free and secure flow of information across the Internet and to support the Foundation’s mission,” said DigiCert CEO Nicholas Hales in a press release. “We’re excited to have another opportunity to demonstrate the quality, scalability and flexibility of DigiCert’s products for a continually expanding roster of globally leading organizations of all sizes and industries.”

Having a vendor to support the specifics that WMF is required makes certainly sense but on the other hand not being able to disclose particulars of the contract is somehow disturbing.

Notions like “we got a good deal” have to been put into relations as that to what “good” means. Fundraising money is used to serve the contract but it should be clear on which terms that will happen and a bit more transparency should work for both DigiCert, and WMF.

Our biggest challenge when selecting the SSL provider was to find someone willing to custom-make one for us, specifically, a certificate that supports both wildcard.domain name as well as wildcard.subject alternative name. All SSL vendors do provide the *. feature and only 2 entertained the idea of issuing a custom wildcard SAN. Given our URL structure and the number of languages we support, not having an SSL certificate with wildcard SAN is a major issue.

Unfortunately the contract prohibits us from disclosing the cost, however we got a good deal.
Thanks.

Interesting. I’m curious to know whether open source projects were considered in selecting the WMF’s SSL provider (were options such as OpenSSL considered?), and also how the selection process was organised (was there a RfP or tendering process?).

Also, would the WMF be able to share how much this commercial solution costs?

Recent Posts

The Wikimedia Foundation, Inc. Is a nonprofit charitable organization dedicated to encouraging the growth, development and distribution of free, multilingual content, and to providing the full content of these wiki-based projects to the public free of charge.

The Wikimedia projects have an international scope, and the Wikimedia movement has already made a significant impact throughout the world. To continue this success on an organizational level, Wikimedia is building an international network of associated organizations.